Knowledge Base
Event ID 4624 gets logged whenever an account successfully logs on. The log data gives information about the user logon such as the username and time of the logon.
This is one of the most common events that you will encounter in your network and isn't a concern most of the time. However, account logons, especially ones by privileged users must be tracked by administrators. But due to the large number of such events, it can be challenging for administrators to identify suspicious logon activity that could pose a threat to security.
EventLog Analyzer lets you audit logon activity to help you instantly identify anomalous logon activity such as privileged user logons during non-business hours.